Article updated 6.50pm Sunday 6 June 2021 to clarify details of the legal challenge and involved parties.
The Tories aren’t always known for protecting human rights. So it’s refreshing when one of our Yorkshire MPs stands up for us. The government’s plans to sell off our private medical records have ruffled more than the feathers of David Davis, MP for Howden and Haltemprice, former shadow home secretary 2003–2008, and erstwhile Brexit minister. He strongly opposes the NHS data grab and potential sell off of our most sensitive and intimate personal information to foreign interests.
NHS data grab: how to opt out
And time is running out if you want to opt out of this invasion of privacy. This affects only people registered with a GP in England. We each have until 23 June to tell our GPs that we do not consent to our private data being transferred to a database and potentially sold to the highest bidder – our data, and our kids’ data. If we fail to do this, GPs will just hand over our records.
But opting out isn’t easy. It’s very confusing. There are two kinds of opt-out: the one of major concern is about our ‘GP data’. To stop GPs automatically transferring this data out of their practice, we have to find a special form called the ‘Type 1 opt-out form’. Then we must print it off, complete it and ideally hand it in at our GP surgery. You have to complete a separate one for each child or dependant.
This differs from the other opt-out we can already do regarding our “non-GP data” (hospital or clinic treatments – including sexual health clinics). To opt-out of that, you have to fill out a form online for each person over 13. If you have children under 13, you need to complete and post, a separate form, complete with NHS numbers – this time to NHS Digital. You can also email (enquiries@nhsdigital.nhs.uk) or ring (0300 300 5678) them for help or to ask for the form to be mailed to you.
Byline Times covered this NHS data grab story on 19 May. But most people still don’t know. The site you need to access to opt out is medconfidential.org. It confirms that data collected will be disseminated by NHS Digital alongside other NHS records, including via the “secret ‘VIP lanes’ for GP data” reported by the Guardian in December 2019.
Government plans to sell off our health data
Selling off our health data has been on the government’s radar since 2014. Then, David Davis and privacy campaigners worked hard to make the public aware just what the care.data plan was out to do: scrape and ‘share’ (sell) our patient data with the highest bidder.
In 2013, NHS England said the idea was to link up health and social care information to benefit ‘patient care’. To do so, it wanted to expand its database to include GPs. Mr Davis and others objected.
One million people opted out. The scheme was criticised as opaque, an expansion into all areas of people’s lives without their consent and, following small-scale trials in June 2015, was paused by health secretary Jeremy Hunt pending review by the national data guardian, Fiona Caldicott.
The care.data scheme was closed in 2016, just days after a second data-sharing project with Google’s Deep Mind artificial intelligence project was given the go-ahead.
So why, in the middle of a pandemic, has the government launched another NHS data grab, under a new name, without a public awareness campaign?
The big sell off by stealth
A basic principle of respecting people’s right to privacy is that their consent should be obtained if any of it is to be ‘shared’. And a data privacy impact assessment should be done. In this case, it hasn’t.
The government appears to be bouncing pressurised GPs into just sending off all our data. Using its usual media diversion techniques – old man marries hippy-looking chic – as cover for NHS Digital ordering GPs to submit the records of every patient in their care to the new, permanent database.
Many GPs didn’t know about this. Neither the British Medical Association nor the Royal College of GPs has approved this.
The NHS Digital website provides re-assuring phrases about confidentiality and ‘pseudonymisation’ and ‘the NHS’ not selling our data. But it adds that it can unlock the pseudonymisation codes “in certain circumstances, and where there is a valid legal reason”. Of course it can, as any computer technician knows. So our identities can be revealed and ‘medical’ information sold off to private providers.
Step forward David Davis
We have until 23 June to opt out of this.
The Doctors’ Association UK, OpenDemocracy, the National Pensioners Convention and privacy campaigners are hugely concerned at both the nature of the database and what is behind all this subterfuge. A new NGO called Foxglove has brought together a coalition to launch a legal challenge to allow time for a rethink and seek meaningful patient consent. David Davis is involved and tweeted:
Foxglove is leading a campaign against Palantir being given NHS data and this includes EveryDoctor, Clive Lewis MP and Scientists for EU.
So worried are people that a petition to stop the government’s NHS data grab has been launched. A crowdfunder to support the potential legal case, if the government doesn’t drop the 23 June deadline, has already raised over £14k.
Any processing of our data that breaches duties of confidentiality (as in the case of what you share with your doctor) cannot be considered ethical, fair, or lawful.
What is the government hiding?
Messy and murky is the best that can be said about all this. And that is why David Davis has raised concerns.
As Guardian columnist Marina Hyde points out, there is already a place where anonymised data about us can be securely accessed for genuine medical purposes: the Trusted Research Environment service for England. It says that, “NHS Digital routinely seeks advice from the Independent Group Advising on the Release of Data (IGARD) to ensure that the highest standards of data stewardship and governance are upheld”.
So the question is, why do this at all? And why do it in the middle of growing panic over new covid variants, when GPs and medics are overloaded? What’s the government hiding? More ominously, why has the government called it by the acronym GPDPR, almost identical to GDPR (which ironically is an EU regulation to protect our data, not selling it off)? The GPDPR is formally called the general practice data for planning and research and was published on 12 May, the day after the Queen’s speech omitted it.
Can our government be trusted?
The government is already in the dock over personal protective equipment (PPE) scandals and Matt Hancock’s poor memory. So we need to be super wary. After all, this latest data grab is permanent. It affects our children and grandchildren. Remember, a separate Type 1 form is needed for each of them.
Who knows what schemes the government is planning with the information. Private health care for the healthy and wealthy? Regional health care tailored to the political colour of constituency voters?
For evidence, we have only to look at how Hull has been fed disproportionately large cutbacks over the years, despite high poverty, as rewards have gone to more prosperous Tory constituencies. When its local MP David Davis doesn’t trust the government to do the right thing by us, should we?
